On 02/25/2013 02:40 PM, Steven Jan Springl wrote: > I have applied both patches. > > When I use the corrected snat entry with 'tcp' appended: > > eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000-1010 tcp > > I get the following error message: > > ERROR: The separator for a port range is ':', not '-' (1000-1010) > /etc/shorewall6A1/snat (line 10) > > When I change the snat entry as indicated in the above message to: > > eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000:1010 tcp > > I get the following error message: > > ERROR: Invalid IPv6 Address ([2001:470:a:227::2]-[2001:470:a:227::10]:1000) > /etc/shorewall6A1/snat (line 10) > > If I specify just one port: > > eth0 2001:1::/56 [2001:470:a:227::2]-[2001:470:a:227::10]:1000 tcp > > The following ip6tables rule is generated: > > -A eth0_masq -p 6 -s 2001:1::/56 -j SNAT --to-source > 2001:470:a:227::2]-[2001:470:a:227::10 --toports 1000 > > Which produces the following error message: > > ip6tables-restore v1.4.17: Invalid address format
The attached patch eliminates this problem. > > Note, the example for the ADDRESS column in the snat man page contains a '::' > separator between the address and the port range. I've corrected the man page. Thanks Steven, -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
diff --git a/Shorewall/Perl/Shorewall/Nat.pm b/Shorewall/Perl/Shorewall/Nat.pm
index 12599df..a5fbea9 100644
--- a/Shorewall/Perl/Shorewall/Nat.pm
+++ b/Shorewall/Perl/Shorewall/Nat.pm
@@ -283,13 +283,14 @@ sub process_one_masq1( $$$$$$$$$$ )
validate_address $addr, 0;
}
- $addrlist .= "--to-source $addr ";
if ( supplied $ports ) {
- validate_portpair( $proto, $ports );
+ validate_portpair1( $proto, $ports );
$exceptionrule = do_proto( $proto, '', '' );
- $addrlist .= "--toports $ports ";
+ $addr = "[$addr]:$ports";
}
+
+ $addrlist .= "--to-source $addr ";
} else {
if ( $addr =~ /^(.+)-(.+)$/ ) {
validate_range( $1, $2 );
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb
_______________________________________________ Shorewall-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-devel
